COVID, LinkedIn scams take advantage of your trust.
Welcome to Cyber Security Today. It’s Monday June 22nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Today’s podcast deals with three scams, which, like most cons involve taking advantage of your trust.
I’ll start with reporting that millions of employees in the United States, the U.K., and four other countries may open their email today to find COVID-19 themed phishing messages laced with malware. According to the ZDNet news service, a cybersecurity company called Cyfirma says it’s part of an email blitz that allegedly will have started Sunday by a North Korean-based hacker team dubbed the Lazarus Group. Cyfirma said it found plans for the attack on a Korean-language hacker forum. To seem convincing the messages will appear to come from government agencies or trade associations offering employees or businesses financial support to get through the pandemic. The messages will ask recipients to go to websites controlled by the attackers and disclose personal information that presumably would be used for fraud. Other alleged targeted countries are Singapore, South Korea, Japan and India. Computer emergency response teams in all six countries have been notified. Regardless of whether this alert is accurate there’s no doubt hackers are using the pandemic to create COVID-19 scams. Last week Microsoft reported pandemic-themed attacks peaked in mid-March and have been declining since –hopefully because people and anti-malware software are smart enough to recognize them. But attacks increase in different countries, often based on headline-making events — for example, news of a local spike of COVID cases or deaths.
Another COVID-related scam was detailed last week by Juniper Networks, which makes equipment for running corporate networks. Email messages to employees went out last month that appears to come from the U.S. Department of Labor about changes to federal family and medical leave legislation. For more information they have to click on the attached document. That document carries malware that looks for login usernames and passwords on infected computers for Canadian and American banks and U.S. cellphone companies. There’s a tip-off this might be fraud: The message comes from the so-called “COVID-19 Center.” For companies one lesson is to keep reminding employees that COVID scams are rampant. For individuals, protect your bank accounts with two-factor authentication. Check with your financial institution to see if it is offered, and if so, how to set it up.
Exploiting people’s trust is a prime strategy by hackers. For example, trust that a COVID email comes from a government department. Here’s another: Trust that a job offer on LinkedIn really comes from the company making the offer. Security company ESET has uncovered a big espionage scam against aerospace and defence companies that used LinkedIn. The attackers created fake LinkedIn accounts, with photos, pretending to be HR officials from big companies like Collins Aerospace and General Dynamics. Then they sent messages to specific people in firms, selected by their LinkedIn profiles as likely to be interested by a job offer. Once the victim replied the attackers would send email messages that included an attached file with corporate or job information. But the file was infected. Now the victim’s computer was compromised, allowing the attacker to read their email. From there the attacker could try to get into the victim company’s system to steal data.
As I’ve said before, don’t trust everything on the Internet.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon